search

IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0
2.43k stars 842 forks source link

querySessionStatus causes "login_reuired" error #1319

Closed fwitkowski closed 3 years ago

fwitkowski commented 3 years ago

am connecting to keycloak IdP from angular using OIDC-CLIENT-JS.

When connecting to keycloak on my localhost (in docker) and getting session status using querySessionStatus(), everything is fine.

When trying to do the same to keycloak on remote server, (connected through VPN) I am getting error: login_required

Both keycloak servers run on docker, and both have same configuration.

brockallen commented 3 years ago

I'm going to guess your cookie is not being sent in the iframe. Possibly due to same site or ITP issues?

fwitkowski commented 3 years ago

So do you think it might be caused by VPN settings? Here is extended question in Stackoverflow: https://stackoverflow.com/questions/66590538/login-required-error-oidc-client-with-angular

brockallen commented 3 years ago

No idea, just a guess based on common issues I've seen before.

ngoanhtan commented 3 years ago

So do you think it might be caused by VPN settings? Here is extended question in Stackoverflow: https://stackoverflow.com/questions/66590538/login-required-error-oidc-client-with-angular

I have the same issues but it just happens on chrome version 85 and above (the newest version of Microsoft edge is the same), it does not happen on firefox. I guest it related to the Referrer Policy had change to "strict-origin-when-cross-origin". Changelog of chrome 85 Could you check again your issue by Firefox ?

ngoanhtan commented 3 years ago

So do you think it might be caused by VPN settings? Here is extended question in Stackoverflow: https://stackoverflow.com/questions/66590538/login-required-error-oidc-client-with-angular

I have the same issues but it just happens on chrome version 85 and above (the newest version of Microsoft edge is the same), it does not happen on firefox. I guest it related to the Referrer Policy had change to "strict-origin-when-cross-origin". Changelog of chrome 85 Could you check again your issue by Firefox ?

Update: The exact reason for my issue is Reject insecure SameSite=None cookies

thinkerytim commented 3 years ago

Update: The exact reason for my issue is Reject insecure SameSite=None cookies

@ngoanhtan can you explain your solution please?